Step 1: Define the Information Security Policy ------> Information Security Policy
Step 2: Define the scope of the ISMS ------> Scope of the ISMS
Step 3: Undertake risk assessment ------> Risk Assessment
Step 4: Manage the risk ------> Area of risk to be managed
Step 5: Select control objectives and controls ------> Selection Rationale
Step 6: Prepare Statement of Applicability ------> Statement of Applicability
From http://www.iwar.org.uk/comsec/resources/bs7799/works.htm